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(57) Abstract: Software execution control in which a series of two-way rule checks is performed between software-defined commu- 
nications system component records to ensure and maintain system security and integrity. A system platform (20) performs a series of 
two-way rule checks between records of a system platform (20) and an application (22) called by the platform (20), between records 
of the called application (22) and a module (24) that defines the called application (22), and between the records of the module (24) 
that defines the called application (22) and the platform (20). Both the called application (22) and the module (24) that defines the 
called application (22) are then instantiated if the two-way rule checks are successful. Because the rule checks are performed in a 
two-way manner, restrictions such as licensing and source restrictions may be placed not only on system modules (24-30), but also 
on the applications (22) using the modules (24-30), thereby enabling higher levels of system security to be achieved. In addition, the 
present invention minimizes processing overhead by providing for load-time rule checking rather than run-time checking associated 
with conventional enforcement systems. 
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(57) Abstract 

A computer system incorporating two or 
more processors, each operating with a respective 
program, is arranged to monitor the processors 
and/or programs by assigning to each processor 
and/or program a unique identifying code. Each 
processor stores its own identifying code and the or 
each identifying code of associated processors. Dur- 
ing initialisation the processors exchange identify- 
ing codes with each other, compare these and pre- 
vent operation of the system when the correct com- 
bination of processors and/or programs is not esta- 
blished. 
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Method For Monitoring The Correct Combination 
Of Processors Or Programs In A Computer System 

The present invention relates to a system for 
ensuring that a correct system is being constructed 
during assembly of a computer system especially a 
safety system, incorporating two or more processors. 

In many modern computer systems, particularly 
those using microprocessors, it is known to intercon- 
nect the microprocessors in order to achieve a desired 
overall function. In some applications, particularly 
where safety is involved, it is important to know that 
the correct parts have been used when building up the 
computer system as many of the parts are distinguish- 
able only by careful inspection of code numbers on the 
parts or labels attached thereto. 

The present invention proposes to overcome 
the difficulty of identification by an operator by 
inserting a so-called "code" in one processor and/or 
program associated with said one processor and a check 
"code" in another processor, and indicating when the 
"codes" do not correspond to alert an operator to 
incorrect assemble or faulty parts. 

By the term "code" is meant any indication 
which is machine readable and is uniquely indicative of 
a processor or program. 

In order that the present invention be more 
readily understood, an embodiment thereof will now be 
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described by way of example with reference to the 
accompanying drawing which shows a flow chart of the 
operation of a system according to the present inven- 
tion. 

If one considers the design of an electronic 
control device which utilizes two or more processors 
(CPU's) it is not uncommon for each processor to have 
associated therewith a program which is often stored in 
a ROM or PROM which may be on board or external. In 
order to ensure that the correct processors and pro- 
grams are used in combination, each processor and/or 
program is assigned a unique identifying "code" and is 
also given the unique "code" of each associated proces- 
sor and/or program which is to be connected to it. The 
processors then carry out a check on the identifying 
"code" and only if they correspond is the system ac- 
ceptable. 

This operation will be explained in more 
detail with reference to the drawing which assumes that 
there are only two processors involved. If one looks 
at the left side of the drawing processor 1 after 
program start at step 1 , addresses the processor 2 at 
step 2 and processor 2 in turn transmits to processor 1 
the identifying "code" of processor 2. Processor 1 
also retrieves from its own memory at step 3 the stored 
identifying "code" of processor 2. When the trans- 
mitted "code" from processor 2 is received by processor 
1 at step 4 the stored and transmitted "codes" are 
compared at step 5 and if they correspond the system is 
allowed to continue as indicated by a Y output. If 
the "codes" do not correspond an N output is generated 
at step 5 and an error is indicated at step 6 and if 
necessary to system is disabled. 

As part of the addressing operation in step 
2, the processor preferably retrieves its own identify- 
ing "code" at step 2a and transmits this at step 2b as 
the address to processor 2. 
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The right hand side of the drawing is identi- 
cal to the left hand side and shows that processor 2 
goes through the same steps as processor 1 and the 
steps, in relation to processor 2 are identified by 
similar reference numerals but increased by ten. 

Although the identifying "code" is associated 
with a respective processor, it may indicate not only 
the processor but also the program or version of the 
program which that processor is using. This is partic- 
ularly useful where updates in programs are taking 
place as it ensures that only correct function combina- 
tions of processors and/or programs are accepted. In 
this case, it is useful if the identification "name" is 
stored in EPROM in the processors involved as this 
permits easy modification. If no modifications are 
envisaged, the "name" may be stored in ROM. 

The above operation is carried out during 
initialisation and the addressing and checking opera- 
tion may take place only once or a predetermined number 
of times before the system is inhibited. 
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CLAIMS : 

1 * A method for monitoring a plurality of pro- 

cessors or programs in combination in a computer system 
comprising the steps of coupling at least two proces- 
sors together to enable transfer of data and addresses 
therebetween, storing in each processor respective code 
identifying the processor and/or program used by the 
processor, storing in each processor a further code 
identifying the or each processor or program coupled 
thereto, causing each processor to address the or each 
processor coupled thereto, each addressed processor 
being arranged to transmit its respective identifying 
code to the addressing processor which compared each 
transmitted identifying code with its stored further 
codes and indicating when the transmitted codes do not 
correspond with the stored further codes. 

2 * A method according to claim 1, wherein the 

addressing step is carried out by sending each proces- 
sor its own identifying code.. 

3 * A method according to claim 1 or 2, wherein 

the indication that the transmitted codes do not corre- 
spond is that operation of the computer system is 
inhibited. 
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